Guest

Virtual LANs/VLAN Trunking Protocol (VLANs/VTP)

ISL and 802.1Q Trunking Between Catalyst Layer 2 Fixed Configuration Switches and CatOS Switches Configuration Example

Document ID: 8758

Updated: Aug 30, 2005

   Print

Introduction

This document provides sample configurations for InterSwitch Link Protocol (ISL) and IEEE 802.1Q trunking between a Cisco Catalyst 5500 and a Catalyst 3500XL switch. The document displays the results of each command as you issue the command. You can use any of these switches in the scenarios in this document to obtain the same results:

  • Catalyst 4500/4000 and 6500/6000 series switches that run Catalyst OS (CatOS)

  • Other members of the Catalyst 5500/5000 series

  • Any of the Catalyst Layer 2 fixed configuration switches

    The Catalyst Layer 2 fixed configuration switches include the 2900/3500XL, 2940, 2950/2955 and 2970.

Before you proceed further with this document, refer to VLAN Trunking Protocols Support .

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

To create the examples in this document, these switches were used in a lab environment with cleared configurations:

  • Catalyst 3524XL switch that runs Cisco IOS® Software Release 12.0(5)WC7

  • Catalyst 5500 switch that runs CatOS 6.4(2) software

The configurations in this document were implemented in an isolated lab environment. Ensure that you understand the potential impact of any configuration or command on your network. The configurations on all devices were cleared with the clear config all command on the Catalyst 5500 switch and write erase command on the Catalyst 3524XL switch to ensure a default configuration.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Background Theory

Trunking is a way to carry traffic from several VLANs over a point-to-point link between the two devices. Two ways in which you can implement Ethernet trunking are:

  • ISL, a Cisco proprietary protocol

  • IEEE 802.1Q standard

This document creates a trunk that carries traffic from two VLANs across a single link between a Catalyst 3500 and a Catalyst 5500 switch. Information on how to route between the two VLANs is beyond the scope of this document.

Important Notes

For Catalyst 2940/2950/2955/2970 Switches

Catalyst 2940 and 2950/2955 series switches support only 802.1Q trunking. These switches do not support ISL trunking.

Catalyst 2970 series switches support both ISL and 802.1Q trunking.

For Catalyst 2900XL/3500XL Switches

The Catalyst 2900XL/3500XL switches do not support Dynamic Trunking Protocol (DTP). Use the nonegotiate option for the switchport trunk command on the other side of the trunk link. Use of the nonegotiate option prevents the receipt of DTP frames from the peer that the XL switch cannot process.

Note: On a 4-MB DRAM Catalyst 2900XL switch, there is trunking support with these trunking-capable modules only:

  • WS-X2914-XL-V

  • WS-X2922-XL-V

  • WS-X2924-XL-V

  • WS-X2931-XL

  • WS-X2932-XL

See this table for the current list of switch models that support trunking:

Switch Models Minimum Cisco IOS Software Release Necessary for ISL Trunking Minimum Cisco IOS Software Release Necessary for 802.1Q Trunking Current Cisco IOS Software Release Necessary for Trunking (ISL/802.1Q )
WS-C2916M-XL (4-MB switch) Cisco IOS Software Release 11.2(8)SA4, Enterprise Edition Cisco IOS Software Release 11.2(8)SA5, Original Edition Cisco IOS Software Release 11.2(8.6)SA6, Original Edition
WS-C2912-XL WS-C2924-XL WS-C2924C-XL WS-C2924M-XL WS-C2912MF-XL Cisco IOS Software Release 11.2(8)SA4, Enterprise Edition Cisco IOS Software Release 11.2(8)SA5, Original Edition Cisco IOS Software Release 12.0(5)WC(1) or later
WS-C2924M-XL-DC Cisco IOS Software Release 12.0(5)XU Cisco IOS Software Release 12.0(5)XU Cisco IOS Software Release 12.0(5)WC(1) or later
WS-C3508G-XL WS-C3512-XL WS-C3524-XL Cisco IOS Software Release 11.2(8)SA4, Enterprise Edition Cisco IOS Software Release 11.2(8)SA5, Original Edition Cisco IOS Software Release 12.0(5)WC(1) or later
WS-C3548-XL Cisco IOS Software Release 12.0(5)XP, Enterprise Edition Cisco IOS Software Release 12.0(5)XP, Enterprise Edition Cisco IOS Software Release 12.0(5)WC(1) or later
WS-C3524-PWR-XL WS-C3524-PWR-XL Cisco IOS Software Release 12.0(5)XU Cisco IOS Software Release 12.0(5)XU Cisco IOS Software Release 12.0(5)WC(1) or later
WS-C2940-8TF-S WS-C2940-8TT-S No support for ISL Cisco IOS Software Release 12.1(13)AY Cisco IOS Software Release 12.1(13)AY or later for 802.1Q No support for ISL
WS-C2950-12 WS-C2950-24 WS-C2950C-24 WS-C2950T-24 WS-C2955T-12 WS-C2955C-12 WS-C2955S-12 No support for ISL Cisco IOS Software Release 12.0(5)WC(1) Cisco IOS Software Release 12.0(5)WC(1) or later for 802.1Q No support for ISL
WS-C2970G-24T-E Cisco IOS Software Release 12.1(11)AX Cisco IOS Software Release 12.1(11)AX Cisco IOS Software Release 12.1(11)AX or later

Note: In this table, only WS-C2916M-XL is a 4-MB DRAM switch. All other switches in the list are 8-MB DRAM switches. In order to determine whether your switch has 4 MB or 8 MB of DRAM, issue the user-level show version command. For more information, refer to the How to Determine the Amount of Switch Memory Using Command Line Interface section of Upgrading Software in Catalyst 2900XL and 3500XL Switches Using the Command Line Interface.

For Catalyst 4500/4000, 5500/5000, and 6500/6000 Switches

  • The Catalyst 4500/4000 series, which includes the Catalyst 2948G and Catalyst 2980G, only supports 802.1Q trunking. The series does not support ISL trunking.

  • Any Ethernet port on a Catalyst 6500/6000 series switch supports either 802.1Q or ISL encapsulation.

  • Catalyst 5500/5000 trunk-capable ports either support ISL encapsulation only, or support either ISL or 802.1Q. This support scenario depends on the module. Issue the show port capabilities command to determine the support. The command output explicitly states the trunking capacity. Here is an example:

    cat5509 show port capabilities 3
    Model                    WS-X5234
    Port                     3/1
    Type                     10/100BaseTX
    Speed                    auto,10,100
    Duplex                   half,full
    Trunk encap type         802.1Q,ISL
    
    !--- This port supports both 802.1Q and ISL.
    
    Trunk mode               on,off,desirable,auto,nonegotiate
    Channel                  3/1-2,3/1-4 
    Broadcast suppression    percentage(0-100)
    Flow control             receive-(off,on),send-(off,on)
    Security                 yes
    Membership               static,dynamic
    Fast start               yes
    QOS scheduling           rx-(none),tx-(1q4t)
    CoS rewrite              yes
    ToS rewrite              IP-Precedence
    Rewrite                  yes
    UDLD                     yes
    AuxiliaryVlan            1..1000,untagged,dot1p,none
    SPAN                     source,destination
  • Make sure that the trunking modes match across the trunk link. If you have configured one side of the link as an ISL trunk, configure the other side of the link as ISL. Similarly, if you have configured one side of the link as an 802.1Q, configure the other side of the link as 802.1Q.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

43a.gif

Configurations

This document uses these switch configurations:

This document applies this configuration to the switches:

  • Set VLAN Trunk Protocol (VTP) modes on the switches.

  • Add a second VLAN, VLAN 2, on the switches.

    Note: You add ports on those VLANs.

  • Enable trunking with use of ISL or 802.1Q on the Fast Ethernet link that interconnects the switches.

    This allows the trunk to carry traffic for all VLANs.

  • Enable spanning tree PortFast on the ports, where workstations have connection.

    According to the topology, you enable spanning tree PortFast on ports 3/2 and 3/3 on the Catalyst 5500 and on ports FastEthernet0/2 and FastEthernet0/3 on the Catalyst 3524XL switch.

This procedure provides the commands necessary to configure trunking. Each step includes the Cisco IOS Software and CatOS commands. Base your choice of command to use on the software that runs on the switch.

  1. Configure VTP on both switches.

    In this example, you configure VTP mode as transparent. You can also configure the switches as either client or server. For more information, refer to Creating and Maintaining VLANs.

    • Cisco IOS Software

      IOSSwitch#vlan database
      3524xl(vlan)#vtp transparent
      Setting device to VTP TRANSPARENT mode.
    • CatOS

      CatOSSwitch> (enable) set vtp mode transparent
      VTP domain modified
  2. Create the additional VLANs.

    You must complete this step on both switches if the VTP mode is transparent, as in the example. Otherwise, you only need to define the additional VLANs on the VTP server switch.

    • Cisco IOS Software

      IOSSwitch(vlan)#vlan 2
      VLAN 2 added:
      Name: VLAN0002
      IOSSwitch(vlan)#exit
      APPLY completed.
      Exiting....
    • CatOS

      CatOSSwitch(enable) set vlan 2
      VTP advertisements transmitting temporarily stopped,
      and will resume after the command finishes.
      Vlan 2 configuration successful
  3. Assign some ports to the VLANs and, at the same time, enable PortFast on those ports if necessary.

    • Cisco IOS Software

      IOSSwitch(config)#interface fastethernet 0/2
      IOSSwitch(config-if)#switchport access vlan 2
      IOSSwitch(config-if)#spanning-tree portfast
      %Warning: portfast enabled on FastEthernet0/2.
      
      !--- Usually, you need to enable PortFast on ports that connect 
      !--- to a single host. When you have enabled PortFast,  
      !--- hubs, concentrators, switches, and bridges that connect to this 
      !--- interface can cause temporary spanning tree loops.
      !--- Use PortFast with CAUTION.
      
      IOSSwitch(config-if)#exit
      
    • CatOS

      CatOSSwitch> (enable) set vlan 2 3/2
      Vlan 2 configuration successful
      VLAN 2 modified.
      VLAN 1 modified.
      VLAN Mod/Ports
      ---- -----------------------
      2     3/2 
      CatOSSwitch> (enable) set spantree portfast 3/2 enable
      
  4. Enable trunking on the port.

    • Cisco IOS Software

      IOSSwitch(config)#interface fastethernet 0/1
      IOSSwitch(config-if)#switchport mode trunk
      
    • CatOS

      Omit this step for CatOS switches. In Step 5, you designate a port as trunk and, at the same time, you define the encapsulation.

  5. Enter the trunking encapsulation as either ISL or 802.1Q (dot1q).

    • Cisco IOS Software

      IOSSwitch(config-if)#switchport trunk encapsulation isl
      
      OR
      
      IOSSwitch(config-if)#switchport trunk encapsulation dot1q
      

      Note: In the case of 2940/2950 switches, do not use these switchport commands. The Catalyst 2940/2950 switches only support 802.1Q encapsulation. When you enable trunking on the interface with the switchport mode trunk command, you automatically configure 802.1Q encapsulation.

    • CatOS

      CatOSSwitch> (enable) set trunk 3/1 nonegotiate isl
      Port(s) 3/1 trunk mode set to nonegotiate.
      Port(s) 3/1 trunk type set to Isl.
      
      !--- This switch connects to a 2900XL. 
      !--- Therefore, you must use the nonegotiate option. 
      
      CatOSSwitch> (enable)

      OR

      
      !--- If you want to configure 802.1Q trunking instead,
      !--- issue this command:
      
      CatOSSwitch>(enable) set trunk 3/1 nonegotiate dot1q
      

    There are several options for trunking modes, such as: on, off, auto, desirable, auto, and nonegotiate. For more information on each, refer to the appropriate CatOS software configuration page for the switch product that you are configuring.

    In the case of 802.1Q, make sure that the native VLAN matches across the link. By default, the native VLAN is 1 or the VLAN that you have configured on the port. If your network requires the native VLAN to be other than VLAN 1, you can change the native VLAN. If you change the default native VLAN, you must change the native VLAN on the other side of the link as well. In order to change the native VLAN, issue one of these commands:

    • Cisco IOS Software

      switchport trunk native vlan vlan-ID
      
      
    • CatOS

      set vlan vlan-ID module/port
      
      

      Note: The module/port in this command is the trunk port.

Note: This output shows the issue of commands on the 3524XL switch. Comments in blue italics explain certain commands and steps:

Catalyst 3524XL
3524xl#show running-config
Building configuration...

Current configuration:

!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3524xl
!
no logging console
enable password mysecret
!
!
!
!
!
ip subnet-zero
!
!
!
interface fastethernet0/1
switchport mode trunk
!

!--- If you have configured 802.1Q, 
!--- you instead see this output 
!--- under interface fastethernet0/1:
!--- interface fastethernet0/1
!--- switchport trunk encapsulation dot1q
!--- switchport mode trunk


!
interface fastethernet0/2
switchport access vlan 2
spanning-tree portfast
!
interface fastethernet0/3
spanning-tree portfast
!
interface fastethernet0/4
!

!--- Output suppressed.
!
interface VLAN1
ip address 10.10.10.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password mysecret
login
line vty 5 15
login
!
end

Note: This output shows the issue of commands on the 5500 switch. Comments in blue italics explain certain commands and steps:

Catalyst 5500
cat5509> (enable) show config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
........

..................

..

begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
!
set enablepass $2$FNl3$8MSzcpVMg1H2aWfll13aZ.
!
#system
set system name  cat5509
!
#frame distribution method
set port channel all distribution mac both
!
#vtp
set vtp mode transparent
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state 
 active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state 
 active stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state 
 active mode srb aremaxhop 7 stemaxhop 7 backupcrf off
!
#ip
set interface sc0 1 10.10.10.3/255.255.255.0 10.10.10.255
!
!
# default port status is enable
!
!
#module 1 : 4-port 10/100BaseTX Supervisor
!
#module 2 : 3-port 1000BaseX Ethernet
!
#module 3 : 24-port 10/100BaseTX Ethernet
set vlan 2  3/2
set trunk 3/1 nonegotiate isl 1-1005

!--- If you have configured 802.1Q trunk, 
!--- this line displays as:
!--- set trunk 3/1 nonegotiate dot1q 1-1005


set spantree portfast 3/2-3 enable
!
#module 4 empty
!
#module 5 empty
!
#module 6 : 24-port 10BaseF Ethernet
!
#module 7 empty
!
#module 8 : 24-port 10/100BaseTX Ethernet
!
#module 9 empty
end
cat5509> (enable)

Verify

show Commands

This section provides information that you can use to confirm that your configuration works properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

On the Catalyst 2900XL/3500XL/2950 switches:

  • show interfaces {fastethernet | gigabitethernet} module/port switchport

  • show vlan

  • show vtp status

On the Catalyst 5500/5000 switch:

  • show port capabilities module/port

  • show port module/port

  • show trunk module/port

  • show vtp domain

Sample show Command Output

Catalyst 3500XL Switch

  • show interfaces {fastethernet | gigabitethernet} module/port switchport

    Use this command to check the administrative and operational status of the port. Also, use this command to make sure that the native VLAN matches on both sides of the trunk. The native VLAN handles untagged traffic when the port is in 802.1Q trunking mode. Refer to Creating and Maintaining VLANs for details on native VLANs.

    3524xl#show interfaces fastethernet 0/1 switchport 
    Name: Fa0/1
    Switchport: Enabled
    Administrative mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: isl
    Operational Trunking Encapsulation: isl
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,2
    Pruning VLANs Enabled: 2-1001
    
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Self Loopback: No

    Note: For 802.1Q trunking, the output of the show interfaces {fastethernet | gigabitethernet} module/port switchport command changes in this way:

    3524xl#show interfaces fastethernet 0/1 switchport 
    Name: Fa0/1
    Switchport: Enabled
    Administrative mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,2
    Pruning VLANs Enabled: 2-1001
    
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Self Loopback: No
  • show vlan

    Use this command to verify that the interfaces, or ports, belong to the correct VLAN. In this example, only interface Fa0/2 belongs to VLAN 2. The rest of the interfaces are members of VLAN 1:

    3524xl#show vlan 
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6,
                                                    Fa0/7, Fa0/8, Fa0/9, Fa0/10,
                                                    Fa0/11, Fa0/12, Fa0/13, Fa0/14,
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18,
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22,
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    2    VLAN0002                         active    Fa0/2
    1002 fddi-default                     active    
    1003 token-ring-default               active    
    1004 fddinet-default                  active    
    1005 trnet-default                    active    
    
    !--- Output suppressed.
    
    
  • show vtp status

    Use this command to check the VTP configuration on the switch. In this example, the VTP mode is Transparent. The correct VTP mode depends on the topology of your network. For details on VTP, refer to Creating and Maintaining VLANs.

    3524xl#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 254
    Number of existing VLANs        : 6
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : 
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x74 0x79 0xD3 0x08 0xC0 0x82 0x68 0x63 
    Configuration last modified by 10.10.10.2 at 3-1-93 00:05:30

CatOS Switches

  • show port capabilities module/port

    Use this command to check if the port is capable of trunking:

    cat5509 show port capabilities 3/1
    Model                    WS-X5234
    Port                     3/1
    Type                     10/100BaseTX
    Speed                    auto,10,100
    Duplex                   half,full
    Trunk encap type         802.1Q,ISL
    Trunk mode               on,off,desirable,auto,nonegotiate
    Channel                  3/1-2,3/1-4 
    Broadcast suppression    percentage(0-100)
    Flow control             receive-(off,on),send-(off,on)
    Security                 yes
    Membership               static,dynamic
    Fast start               yes
    QOS scheduling           rx-(none),TX(1q4t)
    COs rewrite              yes
    ToS rewrite              IP-Precedence
    Rewrite                  yes
    UDLD                     yes
    AuxiliaryVlan            1..1000,untagged,dot1p,none
    SPAN                     source,destination
  • show port module/port

    cat5509> (enable) show port 3/1
    
    Port  Name               Status     Vlan       Level  Duplex Speed Type
    ----- ------------------ ---------- ---------- ------ ------ ----- ------------
     3/1                     connected  trunk      normal a-full a-100 10/100BaseTX
    
    Port  AuxiliaryVlan AuxVlan-Status
    ----- ------------- --------------
     3/1  none          none          
    
    
    Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
    ----- -------- --------- ------------- -------- -------- -------- -------
     3/1  disabled  shutdown             0        0        1 disabled      12
    
    Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
    ----- -------- ----------------- -------- ----------------- ------------------
     3/1         0                 -        -                 -        -         -
    
    !--- Output suppressed.
    
    
  • show trunk module/port

    Use this command to verify the trunking status and configuration.

    cat5509> (enable) show trunk
    * - indicates vtp domain mismatch
    Port      Mode         Encapsulation  Status        Native vlan
    --------  -----------  -------------  ------------  -----------
     3/1      nonegotiate  isl            trunking      1
    
    Port      Vlans allowed on trunk
    --------  ---------------------------------------------------------------------
     3/1      1-1005
    
    Port      Vlans allowed and active in management domain 
    --------  ---------------------------------------------------------------------
     3/1      1-2
    
    Port      Vlans in spanning tree forwarding state and not pruned
    --------  ---------------------------------------------------------------------
     3/1      1-2
    

    Note: For 802.1Q trunking, the output of this command changes in this way:

    cat5509> (enable) show trunk
    * - indicates vtp domain mismatch
    Port      Mode         Encapsulation  Status        Native vlan
    --------  -----------  -------------  ------------  -----------
     3/1      nonegotiate  dot1q          trunking      1
    
    Port      Vlans allowed on trunk
    --------  ---------------------------------------------------------------------
     3/1      1-1005
    
    Port      Vlans allowed and active in management domain 
    --------  ---------------------------------------------------------------------
     3/1      1-2
    
    Port      Vlans in spanning tree forwarding state and not pruned
    --------  ---------------------------------------------------------------------
     3/1      1-2
    
  • show vtp domain

    cat5509> (enable) show vtp domain
    DomainName                      Domain Index VTP Version Local Mode  Password
    -------------------------------- ------------ ----------- ----------- ----------
                                     1            2           Transparent -
    
    Vlan-count Max-vlan-storage Config Revision Notifications
    ---------- ---------------- --------------- -------------
    6          1023             0               disabled
    
    Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
    --------------- -------- -------- -------------------------
    10.10.10.3      disabled disabled 2-1000

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Aug 30, 2005
Document ID: 8758